[gptalk] Re: Stopping Vista Firewall Service not working
- From: "Kopenski, Jack" <Jack.Kopenski@xxxxxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Wed, 23 Jul 2008 10:40:15 -0400
Darren,
Any clue why the Vista service will not stop?
Jack
________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Tuesday, July 22, 2008 3:13 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Stopping Vista Firewall Service not working
Well, if your goal is to ensure that when they are on the corporate
network, no ports are blocked, then that is exactly what the GP-based
firewall profiles are meant to do. The domain profile can be configured
to essentially turn off the firewall when on the corporate LAN and then
other profiles can handle public and private networks (e.g. in a coffee
shop or at home).
Frankly, I'm sure you have business requirements for it, but as a local
administrator, GP is relatively useless. As admin I can circumvent any
GP controls put in place. Given that you work at a software company, I'm
sure you have a lot of smart engineers that would be only too happy to
help you out there J.
Darren
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Kopenski, Jack
Sent: Tuesday, July 22, 2008 11:49 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Stopping Vista Firewall Service not working
Darren,
They do have admin access, and I am willing to concede that some people
will turn it back on.
There are really two things I am trying to accomplish. I want the
firewall off, AND the service stopped when they are in the office. With
the service on we are not able to perform some security sweeps or reads
from the client machines. So just turning the firewall off is only half
my need.
Jack
________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Tuesday, July 22, 2008 2:36 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Stopping Vista Firewall Service not working
Jack-
I think you'd be better off using the Windows Firewall with Advanced
Security feature in Vista GP to control the firewall on Vista. Have you
used that area before?
Darren
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Kopenski, Jack
Sent: Tuesday, July 22, 2008 11:31 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Stopping Vista Firewall Service not working
I have created a simple GPO using group policy preferences to stop the
Windows XP firewall service (SharedAccess) and to stop the Vista
firewall service (MpsSvc). I configured: Computer Configuration >
Preferences > Control Panel Settings > Services.
I created an entry for service "MpsSvc" with the Action to stop the
service, Startup as No Change, and Account Logon as No Change.
I created a second entry for service "SharedAcess" with the same
settings.
The GPO works fine for XP machines, but I see no change for Vista. The
RSOP shows the GPO was applied as does the Group Policy event log. I
have tried to run this with an Account Logon of Local System, but that
made no difference. I suspect it is a Vista UAC issue, so does anyone
see anything I missed?
Jack
The contents of this e-mail are intended for the named addressee only.
It contains information that may be confidential. Unless you are the
named addressee or an authorized designee, you may not copy or use it,
or disclose it to anyone else. If you received it in error please notify
us immediately and then destroy it.
Other related posts:
